CVE-2021-3716

LOW Year: 2021
CVSS v3 Score
3.1
Low
CVSS v2 Score
3.5
Low
Weakness Type
CWE-924
View all →

Vulnerability Description

A flaw was found in nbdkit due to to improperly caching plaintext state across the STARTTLS encryption boundary. A MitM attacker could use this flaw to inject a plaintext NBD_OPT_STRUCTURED_REPLY before proxying everything else a client sends to the server, potentially leading the client to terminate the NBD session. The highest threat from this vulnerability is to system availability.

Related Vulnerabilities

CVE-2023-26979

LOW
CVSS:3.1(Low)

Bluetens Electrostimulation Device BluetensQ device app version 4.3.15 is vulnerable to Man-in-the-middle attacks in the BLE channel. It allows attackers to decrease or increase the intensity of the s...

CWE-9242023

CVE-2020-10635

MEDIUM
CVSS:4.3(Medium)

Simulation models for KUKA.Sim Pro version 3.1 are hosted by a server maintained by KUKA. When these devices request a model, the server transmits the model in plaintext.

CWE-9242020

CVE-2024-52288

MEDIUM
CVSS:5.1(Medium)

libosdp is an implementation of IEC 60839-11-5 OSDP (Open Supervised Device Protocol) and provides a C library with support for C++, Rust and Python3. In affected versions an unexpected `REPLY_CCRYPT`...

CWE-9242024

CVE-2020-5869

CRITICAL
CVSS:9.1(Critical)

In BIG-IQ 5.2.0-7.0.0, high availability (HA) synchronization is not secure by TLS and may allow on-path attackers to read / modify confidential data in transit.

CWE-9242020

CVE-2024-44730

CRITICAL
CVSS:9.1(Critical)

Incorrect access control in the function handleDataChannelChat(dataMessage) of Mirotalk before commit c21d58 allows attackers to forge chat messages using an arbitrary sender name.

CWE-9242024

CVE-2025-0592

HIGH
CVSS:8.8(High)

The vulnerability may allow a remote low priviledged attacker to run arbitrary shell commands by manipulating the firmware file and uploading it to the device.

CWE-9242025